Issue 3044: After-login redirect messes up the URL
Status:  Submitted
Owner: ----
Closed:  Apr 2015
Reported by papp.robert.s, Dec 5, 2014
Affected Version:
2.10-rc0-1038-ga530544

What steps will reproduce the problem?
0. Being logged out, e.g. incognito
1. Open a commit: https://android-review.googlesource.com/#/c/117730/
2. Log in in upper right corner
3. Enter google password and choose account

After login it redirects back to where you pressed Log in:

What is the expected output?
https://android-review.googlesource.com/#/c/117730/

What do you see instead?
https://android-review.googlesource.com/#c/117730/
Note the #c which is invalid and shows 404.
Dec 5, 2014
Project Member #2 huga...@gmail.com
It's funny, I reproduced the problem on android-review.googlesource.com, then I tested the same steps with gerrit-review.googlesource.com which is running the same version and it works. Then I tried again with android-review.googlesource.com and this time it worked.
Dec 5, 2014
#3 papp.robert.s
Intermittent bugs FTW! :)
It happened only once, I didn't try to repro it, just reported.
I'm glad you confirmed it, wishing the best to find the root.
Dec 5, 2014
Project Member #4 huga...@gmail.com
More info, it looks like the problem only happens the first time and then it is ok.

The difference I noticed between the first and second time I got the login page was that the first time, I got a page asking me to choose a Google account (then I got the bad redirection URL) and the second time, my account was already chosen and I only needed to type my password.

Cc: jrn@google.com
Labels: Environment-Google
Dec 23, 2014
Project Member #5 David.Os...@gmail.com
Issue 3066 has been merged into this issue.
Feb 10, 2015
#6 chantry....@gmail.com
I have the same issue, with slightly different URLs.
If I open the following link in a new session: https://git.corp/r/42117
I get a login prompt, and then I am redirected to https://git.corp/r/c/42117/ which does not exist.

Looking at Network in Google Chrome, I see the following:

1. Request URL:https://git.corp/r/login/c/42117/
Location:https://git.corp/r/c/42117/

2. Request URL:https://git.corp/r/c/42117/
Status Code:404 Not Found

Once I am logged in, it's fine:

1. Request URL:https://git.corp/r/42117
2. Location:https://git.corp/r/#/c/42117/

Using gerrit 2.10 but I already saw the problem with earlier versions.
Feb 26, 2015
#7 cdiffri...@instructure.com
This is a major annoyance for anyone that uses gerrit on a daily basis.
Apr 1, 2015
#8 addis...@gmail.com
I dug into this on my gerrit and think I may have an idea of what the problem is. A bit of background: we use Apache in front of gerrit doing Basic auth against an LDAP.

The issue we are having is that after a gerrit token expires, visiting https://gerrit.org/12345 redirects to https://gerrit.org/c/12345 (an invalid URL).

More concretely, in our case, it seems the flow is:
0. gerrit token expires
1. apache doesn't care about expired token, goes on to gerrit
2. gerrit doesn't run auth on /12345 and redirects to #/c/12345 (directChangeById() in UrlModule)
3. auth kicks over to /login/c/12345, token is refreshed via apache still sending valid headers
4. login redirects to /c/12345

It seems like there are multiple workarounds for our specific case, such as making /c/12345 route to /#/c/12345 or having auth trigger before the directChangeById() is hit, which would cause a redirect to happen earlier, but it seems the root cause for the original reporter as well as us is that the redirectUrl is getting munged.
Apr 1, 2015
#9 addis...@gmail.com
Okay, did even more digging and in fact that flow is confirmed. Here are more details, but I am still not sure what a proper fix would look like.

Gerrit does not run HttpAuthFilter on anything outside of HostPageServlet so the redirect to /#/12345 happens and LoginRedirect.html is hit, which strips off the # and redirects to /login/c/12345.
Apr 2, 2015
Project Member #10 huga...@gmail.com
LoginRedirect.html should not strip '#/'. The code handling the login (HttpLoginServlet for HTTP auth type) assumes that the URL it needs to redirect to has the '#/' in it. This was changed between 2.9.x and 2.10.x but obviously, the HTTP and HTTP_LDAP authentication types were not tested.

Can you try removing the code stripping '#/' in LoginRedirect.html?
Apr 2, 2015
Project Member #11 dougk....@gmail.com
Indeed: removing the code to strip '#/' (see https://gerrit-review.googlesource.com/66814) does work normally. From the sounds of it, the change to HttpLoginServlet was intentional, but I'm not sure what effect removing the stripping of '#/' will have on the other login types. Any other comments?
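
The contract mismatch described in comments #8 to #11, as an added model that is not Gerrit source code and not part of the thread: the client-side page strips `#/` while the login handler assumes the token still carries it, and a round-trip check catches the difference. All function names are hypothetical, the percent-encoding of the token is an assumption of this model, and the `/r/` context path and change number are the ones quoted in comment #6.

```javascript
// Model of the post-login redirect round trip discussed in this issue.
// All function names are hypothetical; this is not Gerrit source code.

const CONTEXT = "/r/"; // context path from comment #6 (https://git.corp/r/)

// Client side, behaviour described in #9: drop the leading "#/" from the
// fragment and hand only the remainder to /login/.
function loginUrlStripping(hash) {
  const token = hash.replace(/^#\/?/, "");
  return CONTEXT + "login/" + token;
}

// Client side after the fix tried in #11: keep "#/" in the token. A raw "#"
// would start a new fragment and never reach the server, so the token is
// percent-encoded (assumed encoding for this model).
function loginUrlPreserving(hash) {
  return CONTEXT + "login/" + encodeURIComponent(hash);
}

// Server side, contract described in #10: whatever follows /login/ is
// assumed to already carry "#/" and is appended to the context path as is.
function postLoginLocation(loginPath) {
  const prefix = CONTEXT + "login/";
  if (!loginPath.startsWith(prefix)) throw new Error("not a login URL");
  const token = decodeURIComponent(loginPath.slice(prefix.length));
  return CONTEXT + token;
}

// Regression check: the location after login must equal the page the user
// started on (context path + original fragment).
function roundTrip(buildLoginUrl, hash) {
  const location = postLoginLocation(buildLoginUrl(hash));
  return { location, ok: location === CONTEXT + hash };
}

const hash = "#/c/42117/"; // fragment from comment #6
console.log(roundTrip(loginUrlStripping, hash));
console.log(roundTrip(loginUrlPreserving, hash));
```

With the stripping client the model reproduces the `/r/login/c/42117/` request and the `/r/c/42117/` location seen in comment #6; with the preserving client the round trip returns to `/r/#/c/42117/`.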
Apr 6, 2015
Project Member #12 huga...@gmail.com
Issue 3273 has been merged into this issue.
Apr 6, 2015
Project Member #13 huga...@gmail.com
(No comment was entered for this change.)
Status: ChangeUnderReview
Cc: -jrn@google.com
Labels: -Environment-Google
Apr 7, 2015
Project Member #14 edwin.ke...@gmail.com
(No comment was entered for this change.)
Status: Submitted
Apr 7, 2015
Project Member #15 david.pu...@sonymobile.com
(No comment was entered for this change.)
Labels: FixedIn-2.11
Apr 14, 2015
Project Member #16 david.pu...@sonymobile.com
(No comment was entered for this change.)
Labels: -FixedIn-2.11 FixedIn-2.10.3